How Can I Use MongoAtlas and Bastion Server to Bypass Firewall Rules?

Help
1

This topic was automatically generated from Slack. You can find the original thread here.

Hi, guys! Any example / tutorial of MongoAtlas and Bastion Server to avoid 0.0.0.0 firewall rule?

2

Hi , do you need help setting up the bastion server, or do you already have one, and just need help connecting through that from Pipedream?

3

I have an example on how to create the Bastion Server here: Network / IP range which I will follow now. But in this article there are examples for MySQL and PostgreSQL only, not for Mongo DB.

4

thanks, just testing with a Mongo Atlas server and developing a workflow template for you

5

Oh! Thanks a lot!

6

I’m unfortunately still getting a timeout trying to connect to my test DB through our bastion host, but give this a try: https://pipedream.com/new?h=tch_3egfjq

7

I realized one of our customers has had issues with this in the past, and tried to connect with the Mongo team here: Node.js tunneling to MongoDB Atlas replica set via bastion host - Installation & Upgrades - MongoDB Developer Community Forums

8

if this doesn’t work, you may need to consult them on the proper configuration, or try another Node.js client like Mongoose

9

I’ll give your workflow a try. However, how do I enable this “SSH (Key-Based Auth) Account” to appear in my Mongo DB step? It doesn’t show on mine…

10

if you add this in the props section of your code:

ssh: {
  type: "app",
  app: "ssh"
},

and click the Refresh Fields button at the top of the code, you should see the option to connect an SSH account

11

Cool!

12

And another quick question: my private key is actually a .pem file. How should I provide it here:

image.png
image.png947×1116 47.9 KB

13

here’s a little more detail on how to connect any app to a code step: Connecting apps in Node.js

14

can you paste the content of the file into that field? You can also enter any random string in that field, then:

  1. Upload the pem file as an attachment in that workflow
  2. Read the content of that file as a string, and pass that to the `
import fs from "fs";

const privateKey = fs.readFileSync(steps.trigger.context.attachments["your_key.pem"]).toString();

const { host: sshHost, username: sshUsername } = this.ssh.$auth

const ssh = new SSH2Promise({
 host: sshHost,
  username: sshUsername,
  privateKey,
})
15

That pulls the privateKey from the contents of the pem attachment, instead of referencing the private key from the connected account

16

(Workflow attachments are encrypted at rest and private to your account)

17

Yeah, . Got stuck at the same point as you: timeout. I will research the articles you mentioned. Thanks a lot for all your help!

18

Let us know if you find out anything useful from the Mongo team! If you get it working, I’m happy to add this as a template in the public docs

19

Yes, I will! Cheers!